﻿using IService.Managemen;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using SqlSugar;
using System.Security.Claims;

namespace ManagementPlatform.Utillity.Autheorza
{
    /// <summary>
    /// 因为我们要自定义授权， 他需要继承IAuthorizationRequirement接口，所以我们自定义一个类AuthorizaRequirement继承IAuthorizationRequirement接口 然后传递给AddAuthorization方法
    /// </summary>
    public class AuthorizaRequirement : IAuthorizationRequirement
    {
    }
    /// <summary>
    /// 验证处理程序,这个类是用来处理授权的，我们可以自定义一个类来实现这个接口，然后在AddAuthorization方法中添加进去 
    /// </summary>
    public class AuthorizaHandler : AuthorizationHandler<AuthorizaRequirement>
    {
        IRoleService IRoleService { get; set; }
        public AuthorizaHandler(IRoleService IRoleService)
        {
            this.IRoleService = IRoleService;
        }
        /// <summary>
        /// 这里添加授权逻辑，如果验证通过，我们可以调用context.Succeed(requirement)方法，如果验证不通过
        /// </summary>
        /// <param name="context"></param>
        /// <param name="requirement"></param>
        /// <returns></returns>
        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, AuthorizaRequirement requirement)
        {
            var claim = context.User.FindFirstValue("Uid");
            if (claim != null)
            {
                var pathUrl = (context.Resource as HttpContext).Request.Path;

                //通过获取上下文地址来对比是否在菜单中存在，如果存在则授权通过
                var userRole = IRoleService.FindUserRole(Convert.ToInt32(claim), pathUrl).Result;

                if (userRole)
                {
                    context.Succeed(requirement);
                }

            }

            return Task.CompletedTask;



        }
        /// <summary>
        /// 如果验证通过，会调用这个方法，我们可以在这个方法中添加一些自定义的逻辑
        /// </summary>
        /// <param name="context"></param>
        /// <returns></returns>
        public override Task HandleAsync(AuthorizationHandlerContext context)
        {
            return base.HandleAsync(context);
        }
    }
    /// <summary>
    /// IAuthenticationHandler 这个接口是用来处理身份验证的（请注意是鉴权不是授权），我们可以自定义一个类来实现这个接口，然后在AddAuthentication方法中添加进去 、然后指定自定义的验证方案，这也是cookie验证的原理
    /// </summary>
    /// public class AuthorizaHandler : IAuthenticationHandler
    //{
    //    public Task<AuthenticateResult> AuthenticateAsync()
    //    {
    //        throw new NotImplementedException();
    //    }

    //    public Task ChallengeAsync(AuthenticationProperties? properties)
    //    {
    //        throw new NotImplementedException();
    //    }

    //    public Task ForbidAsync(AuthenticationProperties? properties)
    //    {
    //        throw new NotImplementedException();
    //    }

    //    public Task HandleAsync(AuthorizationHandlerContext context)
    //    {
    //        throw new NotImplementedException();
    //    }

    //    public Task InitializeAsync(AuthenticationScheme scheme, HttpContext context)
    //    {
    //        throw new NotImplementedException();
    //    }

    //} 
}
               